Jump to Content
Identity and Security

Help secure your organization with new endpoint management, intelligent access controls

October 29, 2019
Vidya Nagarajan

Group Product Manager, Google Cloud

Brad Meador

Product Lead, Google Workspace Security

New updates that provide IT admins even deeper control.

Contact Google Workspace Sales Team

Learn more about how Google Workspace can give your teams a better way to connect, create, and collaborate.

CONTACT US

G Suite has always aimed to give IT admins simpler ways to manage access, control devices, ensure compliance and keep data secure. Today we are announcing new updates that provide even deeper control. Some of these features will be turned on by default for G Suite and Cloud Identity so that we can reduce the burden on IT admins while ensuring that the right protections are in place for your organization. And, even better, in most cases your users won’t have to do anything to benefit from these enhanced protections. Here’s the breakdown:

1. Control devices with fundamental desktop management
Securing devices is one of the best ways for businesses to help keep data safe. Now, with fundamental desktop management you can get more management controls over all desktop devices that access G Suite. This feature is automatically enabled for your desktop devices that access G Suite, which means employees don’t have to install agents or profiles on Mac, Windows, Chrome and Linux devices.

https://storage.googleapis.com/gweb-cloudblog-publish/original_images/image2_dZGTQFU.gif

It also means admins get added security management controls, including the ability to:

  • See which devices access corporate data in a single dashboard

  • Remotely sign out users from desktop devices should the device become lost or stolen

  • Allow multiple user accounts to be managed on the same device, like frontline workers

More than 85 million 30 day active devices licensed through G Suite, Cloud Identity and Chrome Enterprise are managed by our endpoint management solution. Particularly within G Suite & Cloud Identity, multiple devices per user can be managed at no additional cost. The new desktop management features will be generally available for all G Suite and Cloud Identity customers. Learn more

2. Implement dynamic access controls for G Suite
Based on the zero trust security model and Google’s BeyondCorp implementation, context-aware access enables you to provide secure access for your users. Today, context-aware access is generally available for G Suite Enterprise customers so they can: 

  • Dynamically control access to G Suite apps based on a user’s identity and the context of their request, like device security status, IP address, etc. 

  • Apply specific controls and policies to various organizational units (OU) 

  • Apply policy based access controls to G Suite apps. 

If you’re wondering what types of access controls can be enforced through context-aware access, here are some examples: 1.) only allowing users from a corporate-owned device and a corporate IP address to access your organization’s Google Drive, 2.) only allowing users from a “high trust” organizational unit  to access Drive when not on a corporate IP address, or 3.) only allowing users with an encrypted device and a screen lock enabled to access Gmail. Learn more.

Many of our G Suite and Cloud Identity customers are already using context-aware access to protect their users, including Veolia, a large multinational water, waste, and energy management company. The company’s enterprise architect and cybersecurity officer, Pascal Dalla-Torre, notes: "With around 100,000 connected employees spread over 5 continents, it's critical that our employees have access securely to company resources from anywhere on their preferred devices. Google Cloud's context-aware access will enable us to achieve that while enforcing granular and fine-tuned access control policies to ensure that only the right people have access to company apps and infrastructure." Watch this video to learn more about how to use context-aware access.

3. Automate security with new rules in security center
The G Suite security center already helps you protect your organization with security analytics and best practice recommendations from Google. It provides a unified security dashboard, an investigation tool to identify, triage, and take action on security and privacy issues in your domain, and more. Starting today, admins can create automated rules to remediate issues or send notifications to the alert center.

https://storage.googleapis.com/gweb-cloudblog-publish/original_images/image1_BM51Bgl.gif

This makes it possible for teams of admins and analysts to collaborate on security investigations instantly based on alerts, and makes it easier to assess and manage threats with automated actions and improved tracking—key steps to improve your organization’s security posture.

These updates to the security center will be rolling out over the next two weeks for organizations on G Suite Enterprise. Learn more.

Get started

Learn more security tips from Google experts by watching these G Suite security videos, or join us for our quarterly Google Cloud Security Talks coming up in November.

Posted in